September 1997, Volume 7, Number 9

Issues and the Internet

By Kenneth S. Moser, CNA, CNSA, APICS Director of Information Systems

Fortunately, the issue was never brought to a test because the act was immediately appealed to the Supreme Court. Then, on June 26, by a vote of seven to two, the Supreme Court struck down the Act's prohibitions on "indecent" and "patently offensive" expression. Other provisions remain in full force, but these deal largely with obscene material as defined in existing law. If you are interested in reading more about this decision, you may read about it at http://supct.law.cornell.edu/supct/html/96-511.ZS.html.

An older, if less public, debate has been simmering for several years over encryption. While encryption has been either restricted or illegal in almost every part of the world at one time or another, there have been relatively few laws regulating its use within the U.S. since World War II. The debate over encryption has taken several forms here: how much encryption should be allowed, whether methods and tools should be exported, and whether encryption should be restricted to government-approved methods that permit access to encrypted data by legally sanctioned authorities.

In addition, DES is what is known as a private key method of encoding files: in order for you to decode my messages, I must give you my private key. This makes DES rather inconvenient to use and, if my key is intercepted (e.g., via wiretap, search warrant or other means), very easy to break.

To ensure some degree of control over this technology, the U.S. government has classified encryption methods and tools as munitions and made software using keys larger than 40 bits illegal to export.

The opening salvo in the shooting war over encryption was fired a few years ago when an engineer named Phil Zimmermann published a very powerful encryption algorithm called PGP. This algorithm is based on a method of encryption called public key: the sender encodes messages with the recipient's public key, and only the recipient can decode them with a matching (but not identical) secret key. To add insult to injury, PGP can accommodate key sizes in excess of 1,024 bits.

Why the problem? Since the algorithm was implemented almost entirely in a portable computing language called C, it could be run on virtually any computer system. Since Mr. Zimmermann published the algorithm in a book (a medium of expression protected under the First Amendment), the government was powerless to suppress it. Now PGP is available for every significant computer platform and can be downloaded from sites around the world.

More recently, encryption has become critical to online commerce. As a result, software companies throughout the U.S. have argued that the country will not be able to compete with firms operating elsewhere unless they are allowed to export better encryption software. Earlier this year, in order to skirt provisions restricting distribution of encryption software produced in the U.S., Sun Microsystems announced its intention to begin distributing encryption software written by Russian scientists.

Finally, on June 17, just as Congress was debating export of keys greater than 56 bits, a researcher used PCs on the Internet to break a message encoded with 56-bit DES. I don't have space to cover it here, but this is a remarkable story; read about it at http://www.frii.com/~rcv/deschall.htm.

Lately, the debate has centered on whether or not anyone should be allowed to encrypt messages without providing copies of their keys to government authorities. Louis J. Freeh, director of the Federal Bureau of Investigation, claims that strong cryptography will help shield terrorists and other criminals. Civil libertarians argue that citizens have a right to privacy; that they should not be forced, in effect, to give the government the keys to their homes; and that if encryption is outlawed, only outlaws will have it. Director Freeh's testimony is available at http://www.epic.org/crypto/legislation/freeh_6_4_97.html. For a look at opposing views, see http://www.crypto.com/key_study/report.shtml and the archives of the Electronic Privacy Information Center (EPIC), located at http://www.epic.org/.

More recently, the Social Security Administration ran into a major controversy when it built a Web site for taxpayers to estimate their retirement benefits. Unfortunately, this estimate was based on real data accessible via Social Security Number, information that allowed anyone accessing it to estimate your income pretty accurately.

These issues came to a boil on June 10 when the Federal Trade Commission (FTC) held its second public workshop on consumer privacy issues. Topics included consumer privacy online, children's privacy, unsolicited e-mail (often called SPAM) and computer databases. Legislation resulting from this workshop may require Web site providers such as APICS to observe new restrictions on the collection and disclosure of consumer information. For more information about the FTC workshop, see http://www.ftc.gov/bcp/privacy2/, http://www.epic.org/privacy/internet/ftc/, and http://www.epic.org/reports/surfer-beware.html.

These issues may sound rather dry and technical, but I encourage you to think about them because they will affect you.

On a final note, as I write this column our Web site is fully back online and updated for the first time since early May. We now have the entire APICS site (all 300+ pages) imported and re-worked in Microsoft FrontPage. Better yet, for the first time in our history online, we will be able to compose pages and post updates at will. This doesn't make the job any less daunting, but it's nice to have more control over the situation. More to the point, now that we have this work behind us, we will be able to get back on track developing new services for all of you.

Meanwhile, our old site is still online and causing some confusion out there in cyberspace. Our old site has a red jelly bean with the words "on IndustryNET" in the graphic at the top of the page; if you see this, you're looking at old information. Erase all of your old APICS bookmarks and point your browser at http://www.apics.org.
This should bring you into our new site.

Note: Major portions of this article were sourced from the Electronic Privacy Information Center in Washington, D.C. (http://www.epic.org) and the Social Science Electronic Publishing's Cyberspace-Law for Non-Lawyers archive (http://www.ssrn.com/cyberlaw).